package com.cloudcross.ssp.security;

import java.util.Collection;
import java.util.HashSet;
import java.util.List;
import java.util.Set;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service;

import com.cloudcross.ssp.base.service.MyUser;
import com.cloudcross.ssp.common.utils.PropertiesUtils;
import com.cloudcross.ssp.model.Account;
import com.cloudcross.ssp.model.Resources;
import com.cloudcross.ssp.service.IAccountService;
import com.cloudcross.ssp.service.IResourcesService;

/**
 * User userdetail该类实现 UserDetails 接口，该类在验证成功后会被保存在当前回话的principal对象中 获得对象的方式：
 * WebUserDetails webUserDetails =
 * (WebUserDetails)SecurityContextHolder.getContext
 * ().getAuthentication().getPrincipal(); 或在JSP中： <sec:authentication
 * property="principal.username"/> 如果需要包括用户的其他属性，可以实现 UserDetails 接口中增加相应属性即可
 * 权限验证类
 * 
 * @author wuqiang.du 2013-11-19
 * @Email: mmm333zzz520@163.com
 * @version 1.0v
 */
@Service(value = "myUserDetailServiceImpl")
public class MyUserDetailServiceImpl implements UserDetailsService {

    @Autowired
    private IAccountService   accountMapper;
    @Autowired
    private IResourcesService menuMapper;

    // 登录验证
    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        //取得用户的权限
        Account users = accountMapper.querySingleAccount(username);
        if (users == null)
            throw new UsernameNotFoundException(username + " not exist!");
        Collection<GrantedAuthority> grantedAuths = obtionGrantedAuthorities(users);
        // 封装成spring security的user
        MyUser userdetail = new MyUser(users.getAccountName(), users.getPassword(), "1".equals(users.getState()), //账号状态  0 表示停用  1表示启用
                true, true, true, grantedAuths, //用户的权限
                users.getType(), users.getOperatorId(), users.getAgentId(), users.getAdvertiserId());
        return userdetail;
    }

    // 取得用户的权限
    private Set<GrantedAuthority> obtionGrantedAuthorities(Account account) {
        List<Resources> menus = null;
        if (account.getAccountName().equals(PropertiesUtils.findPropertiesKey("rootName"))) {//根据账号拥有所有权限
//        if (PropertiesUtils.findPropertiesKey("rootName").equals(account.getAccountName())) {//根据账号拥有所有权限
            menus = menuMapper.queryAll(new Resources());//超级管理员加装所有权限
        } else {
            //			menus = menuMapper.findAccountResourcess(String.valueOf(account.getId()));
            //			menusOther = menuMapper.findResourcesByAccount(new Long(account.getId()));
            //			if(menusOther!=null){
            //				System.err.println("++++++++++"+menusOther+"---------");
            //				menus.addAll(menusOther);
            //			}
            menus = menuMapper.findAllResourcesByAccountId(new Long(account.getId()));
        }
        Set<GrantedAuthority> authSet = new HashSet<GrantedAuthority>();
        for (Resources res : menus) {
            // TODO:ZZQ 用户可以访问的资源名称（或者说用户所拥有的权限） 注意：必须"ROLE_"开头
            // 关联代码：applicationContext-security.xml
            // 关联代码：com.huaxin.security.MySecurityMetadataSource#loadResourceDefine
            authSet.add(new SimpleGrantedAuthority("ROLE_" + res.getResKey()));
        }
        return authSet;
    }
}
